Is ChipWhisperer for me?

Hi, I am after a bit of advice/assistance as I am a bit weak on the hardware side of things and I am not 100% sure if I can achieve what I am after with the ChipWhisperer.

I have a chip that has several security features built into it that mean that it will erase the stored keys if it detects tampering such as attempts to remove the chip. Due to the location of the board I am unable to access the power or clock pins and I can not input my own data. I may be able to access the output but I am ideally trying to show that regardless of the current security features that the implementation is vulnerable to a em/tempest attack and that it can be conducted it in such a way so it wouldn’t be obvious that an attack had even occurred.

I was wondering if the H-probe, ChipWhisperer and software are sufficient or if this can only work if it is matched with another source of data such as the output? I am trying to show that just the H-probe and some processing is all that is required to reveal the key.

I control the software/programming for the keys but the hardware is not manufactured by my company. I am trying to demonstrate that things are not as secure as my boss believes.

Thank you.

Hi,

For a CPA attack against symmetric crypto, you’re going to need access to either the input or the output data, which you’ll need access to anyways to make use of the key. For RSA, there’s a few side channel attacks that I know of:

I believe that we’re currently looking at some side channel stuff for ECC, but I can’t currently comment on how that would look or the requirements for

Alex

Hi Alex,

Thank you for your reply. I am trying to break AES OFB, I am not sure if I can get access to the data due to limited access to the chip. There is a probe point that I can use to check decrypted data on start up but I haven’t checked if I can get data out of it during normal operation yet.
As this is just to prove that the key is recoverable, being able to use it on the data it’s self wasn’t actually a goal from this.
The main thing is I can’t remove or modify the chip and I can’t control the data that it is receiving and encoding. Hence why I was originally looking at a tempest attack but then I came across the ChipWhisperer and it seemed like it would solve alot of other issues I expected to encounter with interference.
The clock speed is only 4 Mghz, is this something that can be used against it?

I will investigate further exactly what access I can get as there may be another point on the circuit board that I can get the input or output data rather than directly from the chip.

Thank you once again for your reply and I would appreciate any assistance in pointing me in the right direction.

Regards,
Max

Hi Max,

In the case of OFB, you will need both the plaintext and ciphertext (I’ve found a handy paper on side channel attacks against various forms of AES: https://ieeexplore.ieee.org/document/6974678).

Alex

Hi Alex,

Looks like it may not be as straight forward as what I thought and the chip is better protected than I thought. That paper made interesting reading and actually made me realise that a side channel attack will probably fail as the IV on my chip changes each packet and so it will be impossible to get the key in time as there will not be enough traces. I had originally thought that the IV changing would not affect the power analysis due to the point at which we analyse the trace. After reading the above paper I need to go back and reassess my approach and maybe the hardware implementation is more secure than it looked after my initial assessment.

Thank you.

1 Like